[CERT-daily] Daily summary - Tuesday 28-04-2015

Daily end-of-shift report team at cert.at
Tue Apr 28 18:06:07 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 27-04-2015 18:00 − Tuesday 28-04-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Fake Security Scams - 2015 Edition ***
---------------------------------------------
New Year, Similar Scams. In 2013, I wrote an article talking about the popular Fake Microsoft Security Scams that were doing the rounds. As expected, these types of scams have continued to grow ..
---------------------------------------------
http://www.webroot.com/blog/2015/04/27/fake-security-scams-2015-edition/




*** 10 Ways to Ensure Your Privileged Password Management Strategy Will Succeed ***
---------------------------------------------
Leveraging complex, frequently updated passwords is a basic security best practice for protecting privileged accounts in your organisation. But if passwords are such a no-brainer, why do so many data breaches tie back to poor password management?
---------------------------------------------
http://blog.beyondtrust.com/10-reasons-your-privileged-password-management-solution-will-fail




*** When Prevention Fails, Incident Response Begins, (Mon, Apr 27th) ***
---------------------------------------------
I've been asked a few times this year ($dayjob) to discuss and review incident handling practices with some of our clients. This topic seems to have come up to the surface again, and with some breaches getting mainstream coverage, it only ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19629




*** WordPress 4.2.1 Security Release ***
---------------------------------------------
https://wordpress.org/news/2015/04/wordpress-4-2-1/




*** SendGrid: Employee Account Hacked, Used to Steal Customer Credentials ***
---------------------------------------------
Sendgrid, an email service used by tens of thousands of companies -- including Silicon Valley giants as well as Bitcoin exchange Coinbase -- said attackers compromised a Sendgrid employee's account, which was then used to steal the usernames, email ..
---------------------------------------------
http://krebsonsecurity.com/2015/04/sendgrid-employee-account-hacked-used-to-steal-customer-credentials/




*** Booby trapped! Malvertising campaign hit Adult Site xHamster ***
---------------------------------------------
A new malvertising campaign hit adult website xHamster by abusing ad provider TrafficHaus and exploiting Google's URL shortener service. Malvertising campaigns are becoming a serious problem for web users; cyber criminals are exploiting ..
---------------------------------------------
http://securityaffairs.co/wordpress/36367/cyber-crime/malvertising-campaign-xhamster.html




*** Best Free and Open Source SQL Injection Tools ***
---------------------------------------------
SQL injection is one of the most common attacks against web applications. This is used against websites which use SQL to query data from the database server. A successful ..
---------------------------------------------
http://resources.infosecinstitute.com/best-free-and-open-source-sql-injection-tools/




*** Hackers disguise themselves as a defense contractor and trick antivirus programs ***
---------------------------------------------
Attackers seized the opportunity and, in the course of a company takeover, sent phishing emails disguised as welcome messages in order to smuggle malicious code onto employees' computers using a sophisticated method.
---------------------------------------------
http://heise.de/-2625892




*** Critical security vulnerability in WordPress ***
---------------------------------------------
In view of the potential impact of the vulnerability and the large number of installed WordPress content management systems, CERT.at asks that the following be noted ..
---------------------------------------------
https://cert.at/warnings/all/20150428.html




*** Inside the Zeroaccess Trojan ***
---------------------------------------------
The Zeroaccess trojan (Maxx++, Sierief, Crimeware) has affected millions of computers worldwide, and it is the number one cause of cyber click fraud and Bitcoin mining on the Internet.
---------------------------------------------
http://blog.norsecorp.com/2015/04/27/inside-the-zeroaccess-trojan/




*** Cisco IOS Software and Cisco IOS XE Software Crafted RADIUS Packet Denial of Service Vulnerability ***
---------------------------------------------
The vulnerability is due to improper processing of crafted RADIUS packets by a device running the affected software. An authenticated, remote attacker could exploit this vulnerability by sending crafted RADIUS packets to an affected device. If successful, the attacker could cause the device to crash, resulting in a DoS condition.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38544




*** Cisco IOS Software and Cisco IOS XE Software Crafted DHCPv6 Sequence Denial of Service Vulnerability ***
---------------------------------------------
The vulnerability is due to improper handling of DHCPv6 packets for a SOLICIT message for an Identity Association for Non-Temporary Addresses (IA-NA) by a device running the affected software. An unauthenticated, adjacent attacker could exploit this vulnerability by sending a crafted sequence exchange of DHCPv6 packets for a SOLICIT message for an IA-NA to an affected device. If successful, the attacker could cause the device to crash, resulting in a DoS condition.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38543





